embedded systems and methods of reading or writing data or instructions of at least one application in a non-volatile memory are disclosed. A method includes reading or writing data or instructions of at least one application in a non-volatile memory of an embedded system. The data or instructions transit through a memory area and are interpreted by a distinct program of an operating system of the embedded system.
|
15. A chip card, comprising:
a first non-volatile memory area storing first initialization instructions associated with a first application, the first initialization instructions being separate from instructions of the first application and being separate from instructions of an operating system; and
a second non-volatile memory area, wherein execution of the first initialization instructions initializes the first application, the initializing the first application including storing instructions, data, or instructions and data associated with the first application in one or more addresses of the second non-volatile memory area, the one or more addresses being determined under control of the first application, wherein the first initialization instructions are instructions of personalization.
1. A method, comprising:
storing first initialization instructions associated with a first application in a first area of a non-volatile memory of an embedded system, the first initialization instructions being separate from instructions of the first application and being separate from instructions of an operating system of the embedded system;
executing the first initialization instructions to initialize the first application, the initializing the first application including storing instructions, data, or instructions and data associated with the first application in one or more addresses of one or more second areas of the non-volatile memory, the one or more addresses being determined under control of the first application, wherein the first initialization instructions are instructions of personalization.
19. A non-transitory computer-readable medium having contents which cause an embedded computing system to perform a method, the method comprising:
storing first initialization instructions associated with a first application in a first non-volatile memory area of an embedded system, the first initialization instructions being separate from instructions of the first application and being separate from instructions of an operating system of the embedded system;
executing the first initialization instructions to initialize the first application, the initializing the first application including storing instructions, data, or instructions and data associated with the first application in one or more addresses of one or more second non-volatile memory areas of the embedded system, the one or more addresses being determined under control of the first application, wherein the first initialization instructions are instructions of personalization.
8. An embedded system, comprising:
a non-volatile memory having a plurality of memory areas including:
a first area storing first initialization instructions associated with a first application; and
one or more second areas, the first initialization instructions being separate from instructions of the first application and being separate from instructions of an operating system of the embedded system; and
processing circuitry coupled to the non-volatile memory, wherein in an application initialization phase of operation, the processing circuitry executes the first initialization instructions to initialize the first application, the initializing the first application including storing instructions, data, or instructions and data associated with the first application in one or more addresses of the one or more second areas of the non-volatile memory, the one or more addresses being determined under control of the first application, wherein the first initialization instructions are instructions of personalization.
2. The method according to
3. The method according to
4. The method according to
5. The method according to
6. The method according to
7. The method of
9. The embedded system according to
10. The embedded system according to
11. The embedded system according to
the first area stores second initialization instructions associated with a second application; and
in the application initialization phase of operation, the processing circuitry executes the second initialization instructions to initialize the second application, the initializing the second application including storing instructions, data, or instructions and data associated with the second application in one or more addresses of the one or more second areas of the non-volatile memory, the one or more addresses into which the instructions, data or instructions and data associated with the second application are stored being determined under control of the second application.
12. The embedded system according to
13. The embedded system according to
14. The embedded system according to
16. The chip card according to
the first non-volatile memory area stores second initialization instructions associated with a second application, the second initialization instructions being separate from instructions of the second application and being separate from instructions of the operating system, wherein execution of the second initialization instructions initializes the second application, the initializing the second application including storing instructions, data, or instructions and data associated with the second application in one or more addresses of the second area of the non-volatile memory, the one or more addresses being determined under control of the second application.
17. The chip card according to
18. The chip card according to
20. The non-transitory computer-readable medium of
|
The present disclosure generally concerns electronic systems and, in particular, embedded electronic systems. The present disclosure more particular concerns embedded electronic systems capable of implementing at least one application.
Embedded electronic systems, or embedded systems, are autonomous systems generally specialized in one or a plurality of specific tasks. An embedded system is generally implemented by an operating system (OS).
More and more embedded systems are capable of implementing a plurality of specific tasks. For this purpose, their operating system is capable of implementing a plurality of applications.
It would be desirable to be able to at least partly improve certain aspects of known embedded systems having their operating system capable of implementing one or a plurality of applications.
Various embodiments of the present disclosure more reliable embedded systems which overcome various drawbacks of the related art.
In one or more embodiments, the present disclosure provides more reliable embedded systems having their operating system capable of implementing one or a plurality of applications.
In one or more embodiments, the present disclosure provides embedded systems having the data (controls and data) of their different applications more efficiently stored in a memory.
An embodiment overcomes all or part of the disadvantages of known embedded systems.
An embodiment provides a solution more particularly adapted to a system having its operating system capable of implementing a plurality of applications.
An embodiment provides a method of starting an embedded system, wherein first instructions, distinct from instructions of an operating system of the embedded system, are executed to cause the storage of at least one application into a non-volatile memory.
According to an embodiment, the first instructions are stored in a non-volatile memory area.
According to an embodiment, second instructions of a plurality of applications are stored in said area.
According to an embodiment, said first instructions are or execute instructions of personalization and/or of configuration of the application(s).
According to an embodiment, the application(s) are capable of generating the addresses at which data are stored in said memory.
An embodiment provides an embedded system comprising an area of storage of first instructions, distinct from instructions of an operating system, into which second instructions of at least one application are stored, the first instructions being intended to cause the storage of said at least one application into a non-volatile memory at the starting of the embedded system.
According to an embodiment, at least two applications are implemented by the operating system.
According to an embodiment, said first instructions are or execute instructions of personalization and/or of configuration of the application(s).
According to an embodiment, the applications are capable of generating the addresses at which they store data into said memory.
According to an embodiment, at least one application is a bank payment or transport application.
An embodiment provides a chip card capable of implementing the described method.
An embodiment provides a chip card comprising a system such as described.
An embodiment provides a method of reading and/or writing data or instructions of at least one application in a non-volatile memory of an embedded system, wherein the data or instructions transit through a memory area and are interpreted by a program distinct from an operating system of the embedded system.
According to an embodiment, said area is a volatile memory area.
According to an embodiment, said area is a non-volatile memory area.
According to an embodiment, said at least one application is implemented by the operating system.
According to an embodiment, instructions are transferred from one application to another via said area.
According to an embodiment, the application(s) are capable of storing data into the memory.
According to an embodiment, the application(s) are capable of generating the addresses at which they store data into said memory.
An embodiment provides an embedded system, capable of implementing at least one application stored in a non-volatile memory, comprising a memory area and a program, distinct from an operating system, data or instructions of said at least one application transiting through said area to be stored in said memory.
According to an embodiment, said area is a volatile memory area.
According to an embodiment, said area is a non-volatile memory area.
According to an embodiment, the system implements at least two applications.
According to an embodiment, data transit from one application to another via said memory area.
According to an embodiment, the applications are capable of generating the addresses at which they store data into said memory.
According to an embodiment, at least one application is a bank payment or transport application.
An embodiment provides a chip card capable of implementing the described method.
An embodiment provides a chip card comprising a system such as described.
The foregoing and other features and advantages of the present disclosure will be discussed in detail in the following non-limiting description of specific embodiments and implementation modes in connection with the accompanying drawing:
Like features have been designated by like references in the various figures. In particular, the structural and/or functional features that are common among the various embodiments may have the same references and may dispose identical structural, dimensional and material properties.
For the sake of clarity, only the operations and elements that are useful for an understanding of the embodiments described herein have been illustrated and described in detail.
Unless indicated otherwise, when reference is made to two elements connected together, this signifies a direct connection without any intermediate elements other than conductors, and when reference is made to two elements coupled together, this signifies that these two elements can be connected or they can be coupled via one or more other elements.
In the following disclosure, unless indicated otherwise, when reference is made to absolute positional qualifiers, such as the terms “front”, “back”, “top”, “bottom”, “left”, “right”, etc., or to relative positional qualifiers, such as the terms “above”, “below”, “higher”, “lower”, etc., or to qualifiers of orientation, such as “horizontal”, “vertical”, etc., reference is made to the orientation shown in the figures.
Unless specified otherwise, the expressions “around”, “approximately”, “substantially” and “in the order of” signify within 10%, and preferably within 5%.
The term “operating system” designates a set of programs or software enabling to operate an embedded system. It is the highest level of the programs and software implemented by the embedded system. The term “application” designates a program or software capable of being implemented by an operating system. It is a program of software with a level lower than the level of the operating system.
Electronic circuit 100 comprises:
one or a plurality of digital processing units 110 (PU), among which at least one microprocessor;
one or a plurality of memories of volatile (RAM) 112 and/or non-volatile (NVM) 115 data and program storage;
one or a plurality of data, address, and/or control buses 114 between the different elements internal to circuit 100;
one or a plurality of input/output interfaces 117, (I/O) of wired or wireless communication with the outside of circuit 100; and
various other circuits according to the application, symbolized in
The operation of microprocessor 110 is ruled by an operating system which operates, among others, non-volatile memory areas 115.
Circuit 100 is for example integrated in a microcircuit card (IC card) or a chip card (smartcard), with or without contact.
The circuit of
Memory 15 comprises, at least functionally:
one or a plurality of areas 152 for storing instructions (programs) or application data to be implemented by an operating system executed by the microprocessor or processing unit associated with the memory;
an area 16 (SB) of storage of specific instructions corresponding to instructions to be executed at the starting or initialization of the circuit or to switch from one application to another; and
a memory controller 154 (CTRL) forming the interface between the inside and the outside of memory 15.
Area 16 is intended to contain at least one program (script) 18 of interpretation or of conversion of application installation or configuration instructions and/or data. The instructions and/or data may be stored in area 16 or, as a variation, be stored in volatile memory 112 or in non-volatile memory 15. Area 16 is for example a dedicated area of the non-volatile memory plane having area(s) 152 provided therein, or structurally a region distinct from memory 15, for example, a register. In some embodiments, functionally, area 16 contains both application data and a program for interpreting the data for their transfer to memory 15.
Area(s) 152 are intended to store applications of the system, that is, instructions and data associated with applications to be implemented. These are, for example, in the context of a chip card, payment applications (bank applications) or transport applications.
Memory 15 is integrated in (is in a chip common with) a circuit also containing at least one processing unit, in one or more embodiments. The memory then forms part of circuit 100 (
Memory 15 may as a variation be an independent electronic circuit intended to be assembled on an electronic card to be operated by a different microprocessor.
According to the described embodiments, a mechanism or program 18 embedded in the memory, more particularly stored in area 16, is provided at the level of the system integrating memory 15 (or 115,
According to this embodiment, instruction interpreter 18 is programmed on manufacturing of the circuit, or more precisely, at the end of the manufacturing, in a so-called pre-personalization phase.
Such a programming amounts to storing (block 31, STORE CONFIG/PERSO IN SB), into area 16 and at the end of the manufacturing (FAB), instructions 17 of configuration or of personalization of applications for which the embedded system is intended, as well as an interpreter 18.
Once the circuit has been manufactured and pre-personalized according to the client for which it is intended, that is, having its area 16 containing an application configuration and/or personalization program (script), the latter is delivered to the client. It is not the final user, but the entity operating the applications, for example, the bank or transport application.
At the first starting (START) of the product, the operating system causes the execution (block 33, EXEC CONFIG/PERSO), by the interpreter program 18 contained in area 16, of the configuration or personalization instructions 17 contained, for example, in this area. This results in a storage (block 35, STORE IN NVM), into area 152 (
The system is then ready to operate with the applications stored in non-volatile memory 15.
It is assumed that area 16 (SCRIPTBOX) contains the instructions and data of a plurality of applications, for example three applications which have been stored therein at the end of the manufacturing. However, the process illustrated in
It is assumed that the implementation of the method of
As an example, the data are application configuration data 17. According to an embodiment, the applications store data into the same non-volatile memory, for example, all their data are stored in the same non-volatile memory. The applications are capable of generating addresses at which their data should be read from and/or written into memory 15. Each application is more particularly capable of generating addresses at which its own data and instructions should be stored in memory 15 without encroaching upon the addresses used by the other applications. In particular, the addresses of storage of secret data such as, for example, cipher keys, are not contained in, nor known by, area 16.
At the first starting and/or configuration (FIRST BOOT) of embedded system 10, the instructions (that is, the program) stored in area 16 are executed. Such an execution results in configuring applications 12, 13, and 14 in memory 15. This phase is implemented by operating system 11, which receives and executes the instructions of area 16. The application configuration or personalization instructions in some embodiments do not contain all the instructions of the applications, but rather instructions enabling to store, into the non-volatile memory, secret data such as identifiers and passwords, etc. As a variation, area 16 stores all the instructions intended for the applications, and then distributes them to said applications so that they execute them.
An advantage of this embodiment is that, since the addresses are generated by the actual applications, the instructions stored in area or register 16 at the end of the manufacturing (step 31) need not contain explicit addresses. This avoids having to provide, at the level of the operating system, secure instructions for the personalization to guarantee that the applications are not stored at the same addresses for all the circuits or for the personalization of keys. This simplifies the pre-personalization performed at the end of the system manufacturing. Indeed, the instructions and data of the applications stored in area 16 may now be the same for all the manufactured circuits.
In other words, the storage of the application(s) into the non-volatile memory of each manufactured circuit is organized by instructions contained in dedicated area 16 and the instructions are common to all the manufactured circuits.
Once the first starting has been performed, instruction area 16 is no longer used for the configuration of the applications which are now in memory 15. It may either be used to implement the application reconfiguration method which is described hereafter, or no longer be used.
In an embodiment where instruction interpreter 18 is only used during the personalization phase, non-volatile memory area 16 in some embodiments contains both interpreter 18 and the data or instructions 17 to be interpreted. It can then be considered that instructions 17 and the instructions 18 of the interpreter are a same set of instructions. This enables, once the personalization has been performed, to free area 16 for the storage of other application data.
This method uses data interpretation program 18, contained in instruction area 16, to execute an update of one or a plurality of applications in non-volatile memory 15.
Typically, when an application stored in memory 15 should be updated (block 51, MAJ/RD REQ), operating system OS receives an update instruction from the outside.
On reception of this instruction, the operating system causes the writing into area 16 (block 53, WRITE SB) of the application to be updated (of the instructions and/or data 17 of this application).
Then, the execution (block 55, EXEC) of the program 18 contained in area 16 (SB) causes the configuration or update of the corresponding application in memory 15.
Once this execution has ended, the application is up to date.
The same process as described hereabove may be implemented for the extraction (the reading) of data of the application from memory 15.
It is assumed that three applications 12 (App1), 13 (App2), and 14 (App3) are present in non-volatile memory 15.
On reception of an update program (MAJ), the operating system transfers (WRITE SB) the corresponding instructions 17 into area or register 16. The interpretation program 18 contained in area 16 executes EXEC instructions 17, which results in reconfiguring or updating the concerned application(s) 12, 13, and 14 in memory 15. This phase is implemented by operating system 11, which receives and executes the instructions of area or register 16. As for the embodiment of
Like for the embodiment of
The solution described in relation with
As a variation, data and/or instructions 17 are not stored in area 16 but transit through the volatile memory, area 16 being used to store program 18 of interpretation of instructions used for the data and/or instruction transfer.
An advantage of this embodiment is that it allows the reading and/or the rewriting of data of an application by another one, without for the applications to share the addresses at which said data are stored.
Various embodiments and variants have been described. Those skilled in the art will understand that certain features of these embodiments can be combined and other variants will readily occur to those skilled in the art. In particular, the embodiments of
Finally, the practical implementation of the described embodiments and variations is within the abilities of those skilled in the art based on the functional indications given hereabove.
Such alterations, modifications, and improvements are intended to be part of this disclosure, and are intended to be within the spirit and the scope of the present disclosure. Accordingly, the foregoing description is by way of example only and is not intended to be limiting. The present disclosure is limited only as defined in the following claims and the equivalents thereto.
The various embodiments described above can be combined to provide further embodiments. These and other changes can be made to the embodiments in light of the above-detailed description. In general, in the following claims, the terms used should not be construed to limit the claims to the specific embodiments disclosed in the specification and the claims, but should be construed to include all possible embodiments along with the full scope of equivalents to which such claims are entitled. Accordingly, the claims are not limited by the disclosure.
Ahssini, Youssef, Restiau, Guy
Patent | Priority | Assignee | Title |
Patent | Priority | Assignee | Title |
11582101, | Mar 29 2013 | Hewlett Packard Enterprise Development LP | Update of programmable for computing nodes |
5740351, | Oct 29 1992 | THE CHASE MANHATTAN BANK, AS COLLATERAL AGENT | Apparatus and method for debugging/modifying ROM-based software systems employing and extensible interpreter |
6119153, | Apr 27 1998 | Microsoft Technology Licensing, LLC | Accessing content via installable data sources |
8117587, | Jun 03 2008 | Microcontroller-resident software development environment supporting application-level asynchronous event handling, interactive debugging and pin variables for embedded systems | |
9110751, | Feb 13 2012 | Microsoft Technology Licensing, LLC | Generating and caching software code |
20020103996, | |||
20020147972, | |||
20030009305, | |||
20030131083, | |||
20030236986, | |||
20030236989, | |||
20050138347, | |||
20050240756, | |||
20060047374, | |||
20070052868, | |||
20070128899, | |||
20070277169, | |||
20090065325, | |||
20090287571, | |||
20100122197, | |||
20100333075, | |||
20120185833, | |||
20160105411, | |||
20160314055, | |||
20170109546, | |||
20200310825, | |||
20200394049, | |||
20210200542, | |||
20210200543, | |||
20210303284, | |||
20220068106, | |||
20230083894, | |||
EP1021801, | |||
FR2667171, | |||
FR2757970, | |||
WO9516246, |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Nov 26 2020 | RESTIAU, GUY | PROTON WORLD INTERNATIONAL N V | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 055038 | /0137 | |
Nov 27 2020 | AHSSINI, YOUSSEF | PROTON WORLD INTERNATIONAL N V | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 055038 | /0137 | |
Dec 23 2020 | Proton World International N.V. | (assignment on the face of the patent) | / | |||
Feb 02 2024 | Proton World International | STMICROELECTRONICS BELGIUM | CHANGE OF NAME SEE DOCUMENT FOR DETAILS | 069057 | /0620 |
Date | Maintenance Fee Events |
Dec 23 2020 | BIG: Entity status set to Undiscounted (note the period is included in the code). |
Date | Maintenance Schedule |
Aug 01 2026 | 4 years fee payment window open |
Feb 01 2027 | 6 months grace period start (w surcharge) |
Aug 01 2027 | patent expiry (for year 4) |
Aug 01 2029 | 2 years to revive unintentionally abandoned end. (for year 4) |
Aug 01 2030 | 8 years fee payment window open |
Feb 01 2031 | 6 months grace period start (w surcharge) |
Aug 01 2031 | patent expiry (for year 8) |
Aug 01 2033 | 2 years to revive unintentionally abandoned end. (for year 8) |
Aug 01 2034 | 12 years fee payment window open |
Feb 01 2035 | 6 months grace period start (w surcharge) |
Aug 01 2035 | patent expiry (for year 12) |
Aug 01 2037 | 2 years to revive unintentionally abandoned end. (for year 12) |